PublicDateAtUSN: 2008-10-31
Candidate: CVE-2008-4864
PublicDate: 2008-11-01 00:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864
 http://scary.beasts.org/security/CESA-2008-008.html
 https://ubuntu.com/security/notices/USN-806-1
Description:
 Multiple integer overflows in imageop.c in the imageop module in Python
 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the
 Python VM and execute arbitrary code via large integer values in certain
 arguments to the crop function, leading to a buffer overflow, a different
 vulnerability than CVE-2007-4965 and CVE-2008-1679.
Ubuntu-Description:
Notes:
 mdeslaur> this was actually fixed in 2.5.3
 mdeslaur> regression: http://bugs.python.org/issue4317
 mdeslaur> PoC: http://scary.beasts.org/security/CESA-2008-008.html
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504619
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504620
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_python2.2:
upstream_python2.2: needs-triage
dapper_python2.2: ignored (reached end-of-life)
gutsy_python2.2: DNE
hardy_python2.2: DNE
intrepid_python2.2: DNE
jaunty_python2.2: DNE
karmic_python2.2: DNE
devel_python2.2: DNE

Patches_python2.3:
upstream_python2.3: needs-triage
dapper_python2.3: ignored (reached end-of-life)
gutsy_python2.3: DNE
hardy_python2.3: DNE
intrepid_python2.3: DNE
jaunty_python2.3: DNE
karmic_python2.3: DNE
devel_python2.3: DNE

Patches_python2.4:
 upstream: http://svn.python.org/view?view=rev&revision=67200
 upstream: http://svn.python.org/view?view=rev&revision=67270 (for regression)
upstream_python2.4: released (2.4.5-6)
dapper_python2.4: released (2.4.3-0ubuntu6.3)
gutsy_python2.4: needed (reached end-of-life)
hardy_python2.4: released (2.4.5-1ubuntu4.2)
intrepid_python2.4: released (2.4.5-5ubuntu1.1)
jaunty_python2.4: not-affected (2.4.6-1ubuntu3)
karmic_python2.4: not-affected (2.4.6-1ubuntu3)
devel_python2.4: DNE

Patches_python2.5:
 upstream: http://svn.python.org/view?view=rev&revision=66689 (head)
 upstream: http://svn.python.org/view?view=rev&revision=67266 (for regression)
 upstream: http://svn.python.org/view?view=rev&revision=66690 (2.5)
 upstream: http://svn.python.org/view?view=rev&revision=67268 (for regression)
 vendor: http://patch-tracking.debian.net/patch/series/view/python2.5/2.5.2-15/CVE-2008-4864.dpatch
upstream_python2.5: released (2.5.2-12)
dapper_python2.5: DNE
gutsy_python2.5: needed (reached end-of-life)
hardy_python2.5: released (2.5.2-2ubuntu6)
intrepid_python2.5: not-affected (2.5.2-11.1ubuntu1)
jaunty_python2.5: not-affected (2.5.4-1ubuntu4)
karmic_python2.5: not-affected (2.5.4-1ubuntu4)
devel_python2.5: DNE